[PATCH rtems] dosfs: Fix memory leak on failed mounts.

Christian Mauderer christian.mauderer at embedded-brains.de
Mon Aug 3 14:01:48 UTC 2020


Hello Sebastian,

On 03/08/2020 15:57, Sebastian Huber wrote:
> On 03/08/2020 15:16, Christian Mauderer wrote:
> 
>> diff --git a/cpukit/libfs/src/dosfs/msdos_init.c
>> b/cpukit/libfs/src/dosfs/msdos_init.c
>> index dc9c76437d..0649258fa7 100644
>> --- a/cpukit/libfs/src/dosfs/msdos_init.c
>> +++ b/cpukit/libfs/src/dosfs/msdos_init.c
>> @@ -102,10 +102,12 @@ int rtems_dosfs_initialize(
>>       int                                rc = 0;
>>       const rtems_dosfs_mount_options   *mount_options = data;
>>       rtems_dosfs_convert_control       *converter;
>> +    bool                               converter_created = false;
>>           if (mount_options == NULL || mount_options->converter ==
>> NULL) {
>>           converter = rtems_dosfs_create_default_converter();
>> +        converter_created = true;
>>       } else {
>>           converter = mount_options->converter;
>>       }
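Review bot: `converter_created = true;` is set right after `rtems_dosfs_create_default_converter()` without looking at what the call returned, so the flag records "default branch taken" rather than "a converter exists". That is only safe while the later `converter->handler->destroy(converter)` stays on a path where `converter` is known to be non-NULL. Consider `converter_created = (converter != NULL);`, or a name that says what the flag really tracks.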
>> @@ -116,6 +118,9 @@ int rtems_dosfs_initialize(
>>                                         &msdos_file_handlers,
>>                                         &msdos_dir_handlers,
>>                                         converter);
>> +        if (rc != 0 && converter_created) {
>> +            converter->handler->destroy(converter);
>> +        }
>>       } else {
>>           errno = ENOMEM;
>>           rc = -1;
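Review bot: the new `if (rc != 0 && converter_created)` block releases only the default converter, so a converter passed in through `mount_options->converter` stays allocated when this function fails. That is a caller-visible ownership rule. Please add a comment at this block, and in the mount options documentation, stating that the caller keeps ownership of a supplied converter on failure and has to destroy it exactly once.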
> Why can't we destroy the converter in both cases?

In theory we could. But then we have two cases that look the same to a
user but need different handling:

1. `mount` failed before reaching rtems_dosfs_initialize (for example
because a wrong file system has been provided or a target directory
doesn't exist). In this case the user-provided converter would _not_ be
destroyed.

2. `rtems_dosfs_initialize` failed and the converter is already destroyed.

In the first case the user would have to destroy the converter himself.
Otherwise he loses memory. In the second case if the user destroys the
converter again, it would be a use after free.

-- 
--------------------------------------------
embedded brains GmbH
Herr Christian Mauderer
Dornierstr. 4
D-82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
Phone: +49-89-18 94 741 - 18
Fax:   +49-89-18 94 741 - 08
PGP: Public key available on request.

This message is not a business communication within the meaning of the EHUG.
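The ownership rule argued for in this reply, as an added example that is not part of the original message or the RTEMS sources: a small C model in which only the default converter is released on failure, so a caller who destroys its own converter once after any failed mount neither leaks nor double frees. All names (`converter`, `conv_create`, `model_initialize`, `model_mount`, `caller_mount_failing`) are hypothetical, and `fs_init_rc` is an assumed stand-in for the result of the real initialization call.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical converter: counts destroy calls through a caller-owned counter. */
typedef struct converter { int *destroyed; } converter;

static converter *conv_create(int *destroyed) {
    converter *c = malloc(sizeof(*c));
    if (c != NULL) c->destroyed = destroyed;
    return c;
}

static void conv_destroy(converter *c) { (*c->destroyed)++; free(c); }

static int default_created, default_destroyed;

/* Model of the patched initialize step (not RTEMS code). fs_init_rc is an
 * assumed stand-in for the result of the inner file system init call. */
static int model_initialize(converter *user, int fs_init_rc) {
    converter *conv = user;
    bool created = false;
    if (conv == NULL) {
        conv = conv_create(&default_destroyed);
        if (conv == NULL) return -1;
        default_created++;
        created = true;
    }
    /* Only the converter created here is released on failure. */
    if (fs_init_rc != 0 && created) conv_destroy(conv);
    return fs_init_rc; /* on success the mounted fs keeps conv (unmount not modelled) */
}

/* early_fail models case 1: mount fails before initialize is reached. */
static int model_mount(converter *user, bool early_fail, int fs_init_rc) {
    return early_fail ? -1 : model_initialize(user, fs_init_rc);
}

/* Caller rule: after any failed mount, destroy the supplied converter once.
 * Returns how many times it was destroyed (1 = no leak, no double free). */
static int caller_mount_failing(bool early_fail) {
    int destroyed = 0;
    converter *mine = conv_create(&destroyed);
    if (mine == NULL) return -1;
    if (model_mount(mine, early_fail, -1) != 0) conv_destroy(mine);
    return destroyed;
}

int main(void) {
    bool ok = caller_mount_failing(true) == 1 && caller_mount_failing(false) == 1;
    ok = ok && model_mount(NULL, false, -1) == -1 && default_created == default_destroyed;
    return ok ? 0 : 1;
}
```

If `model_initialize` destroyed the supplied converter as well, the second case would report two destroys for the same object, which is the use after free described in the reply.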

